Okta-Certified-Administrator Okta Certified Administrator Exam Free Practice Exam Questions (2025 Updated)

Okta AD Agents can be successfully and completely configured by:

Solution: Read-only administrators

When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")

Solution: Boolean

As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:

Solution: Restart AD Domain Controller and go into IIS and see if you have IWA references in there

What does SCIM stand for?

Solution: System for Cross-domain Identity Management

In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is valid, but Okta is not the one doing decryption - the browser is doing that

With agentless DSSO (Desktop Single Sign-on), you still have a need of deploying IWA Agents in your Active Directory domains to implement DSSO functionality.

Solution: The statement is true, but not for the part about: the deployment of IWA Agents into Active Directory domains. The IWA Agents can now be deployed on whichever machine, it's a unique functionality that only agentless DSSO has and not on-prem DSSO.

If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:

Solution: Delete the mapping by the help of which the value came into Okta User Profile

On a Windows machine, which is the right behavior if you try to sign into your Okta org and agentless DSSO is properly configured for it?

Solution: You will be automatically redirected to The Okta Sign In page for your organization, where you need to fill in with your AD credentials

How can SAML provision attributes via JIT? Or even create users?

Solution: By including specific information in the GET API call

Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Both statements are false

Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?

Solution: Yes, and AD Agent

When you are trying to federate (via WS-FED) Office 365 with Okta:

Solution: You can choose to skip importing user groups and group memberships into Okta

Whenever you make an API call, you will then get back:

Solution: Response headers

Regarding Access Request Workflow, when a user requests an app - he can also include a message to the approver. But you can also designate an approver group.

Solution: Only the second statement is true

In an agentless DSSO (Desktop Single Sign-on) scenario Okta is the one decrypting the Kerberos ticket, finds then the user name, authenticates the user and passes back a session to the browser.

Solution: The statement is valid, but Okta is not the one doing authentication - IWA Agent and AD Agent are doing that as AD agent verifies the AD user's identity

The SCIM protocol is for provisioning and managing identity data on the web.

Solution: An application-level REST protocol

When using Okta Expression Language, which variable type results out of this Okta Expression? isMemberOfGroup("groupId")

Solution: Array

What does SCIM stand for?

Solution: System for CRSF-domain Identity Management

Does Okta require an Agent to sit in-between Okta to SCIM-enabled app on premises requests?

Solution: Yes, an Okta Application Integration Agent